1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <optional>
20 
21 #include <android-base/macros.h>
22 #include <android-base/result.h>
23 
24 #include <utils/StrongPointer.h>
25 
26 #include <android/system/keystore2/IKeystoreService.h>
27 
28 #include "KeystoreHmacKey.h"
29 #include "SigningKey.h"
30 
31 class KeystoreKey : public SigningKey {
32     using IKeystoreService = ::android::system::keystore2::IKeystoreService;
33     using IKeystoreSecurityLevel = ::android::system::keystore2::IKeystoreSecurityLevel;
34     using KeyDescriptor = ::android::system::keystore2::KeyDescriptor;
35     using KeyMetadata = ::android::system::keystore2::KeyMetadata;
36 
37   public:
~KeystoreKey()38     virtual ~KeystoreKey(){};
39     static android::base::Result<SigningKey*> getInstance(const std::string& signedPubKeyPath,
40                                                           const android::String16& keyAlias,
41                                                           int64_t KeyNspace, int keyBootLevel);
42 
43     virtual android::base::Result<std::string> sign(const std::string& message) const;
44     virtual android::base::Result<std::vector<uint8_t>> getPublicKey() const;
45 
46   private:
47     KeystoreKey(std::string signedPubKeyPath, const android::String16& keyAlias, int64_t keyNspace,
48                 int keyBootLevel);
49     bool initialize();
50     android::base::Result<std::vector<uint8_t>> verifyExistingKey();
51     android::base::Result<std::vector<uint8_t>> createKey();
52     android::base::Result<std::vector<uint8_t>> getOrCreateKey();
53 
54     KeyDescriptor mDescriptor;
55     KeystoreHmacKey mHmacKey;
56     android::sp<IKeystoreService> mService;
57     android::sp<IKeystoreSecurityLevel> mSecurityLevel;
58     std::vector<uint8_t> mPublicKey;
59 
60     std::string mSignedPubKeyPath;
61     int mKeyBootLevel;
62 };
63